Agents & LLMs
How AI agents and LLM-powered assistants use the Safeguard platform — connection, authentication, tool governance, everyday workflows, and self-serve procurement.
Safeguard is built to be operated by AI agents as a first-class client. Everything a human does in the web app — connecting repositories, scanning, triaging vulnerabilities, generating remediation plans, checking compliance, exporting reports, and even buying a plan — is available to agents through the platform's remote MCP (Model Context Protocol) server. This section explains how an agent or LLM assistant should use the platform end to end.
Connect
The MCP server is hosted at mcp.safeguard.sh and works with every major assistant — Claude, ChatGPT, Copilot, Gemini, Le Chat, Perplexity, Cursor, and more. Follow the step-by-step guide for your client under MCP Integrations.
Two ways in:
- Existing account (OAuth): authentication runs against your Safeguard workspace; the agent acts as the signed-in user, inside their tenant.
- No account yet (agent-native): connect to the pre-auth endpoint
mcp.safeguard.sh/mcp/onboardingand usesafeguard_create_account+safeguard_login— the agent creates the account and workspace and signs the session in with no browser at all. See Procurement for agents for the full zero-touch flow.
Tenant, organization, and product scope are carried per session — an agent never sees or touches another tenant's data, and scope can be switched mid-session with safeguard_switch_organization and safeguard_switch_product when the user belongs to several.
What an agent can do
The server registers 650+ tools spanning the whole platform. The everyday loops:
| Loop | Typical tools |
|---|---|
| Onboard | safeguard_add_integration → safeguard_scan_repository → safeguard_list_projects |
| Triage | safeguard_list_vulnerabilities, safeguard_list_findings, safeguard_get_vulnerability, safeguard_query (natural language over any entity) |
| Fix | safeguard_get_remediation_plan, safeguard_fix_vulnerability, safeguard_list_repository_pull_requests, safeguard_merge_pull_request |
| Comply | compliance framework checks, policy gate evaluation, evidence exports |
| Analyze | SBOM comparison and analysis, dependency graphs, supply-chain risk, package/CVE intelligence |
| Procure | account creation, pricing plans, checkout, invoices, entitlements — see Procurement for agents |
| Administer | full CRUD over users, organizations, members, API keys, webhooks, and Guard secret keys (safeguard_create_secret_key — plaintext shown once) |
| Stay informed | safeguard_list_notifications, safeguard_get_notification, safeguard_get_notification_count, safeguard_mark_notifications_read — the user's own notification inbox (scan results, new findings, remediation PRs, billing events) |
For open-ended questions ("what's risky in my newest project?"), prefer safeguard_query — it routes through the production query engine and handles ambiguity best. For precise lookups, use the structured tools with filters.
Governance: what your agent is allowed to do
Tool availability is governed per tenant with per-tool feature flags. A fresh workspace starts with a small curated set covering the onboarding loop; administrators enable more per workspace. Discovery (tools/list) and execution (tools/call) resolve from the same flag set, so an agent can never call a tool it cannot see. Write-capable tools (merging PRs, purchasing plans) are deliberately opt-in.
Every tool call runs under the session's tenant/org/product scope with the platform's standard audit logging; billing calls additionally emit structured billing audit records.
Good agent behaviour on Safeguard
- Start with context. Call
safeguard_get_current_contextearly to learn the tenant, organization, and product in scope. - Discover before acting. List projects/plans/integrations before mutating anything; ids from listings are the inputs to everything else.
- Prefer natural-language query for exploration, structured tools for automation.
- Respect gating errors. A
Tool "…" is not enabled for this tenantresult means an administrator decision, not a bug — surface it to the user rather than retrying. - Keep humans on payment. Procurement tools return a Stripe-hosted checkout link; hand it to the user rather than trying to complete payment yourself — card data never belongs in a model's context.
Procure the platform itself
Agents can take a workspace from "we hit our scan limit" to "paid, activated, and resumed" in one conversation: browse the plans offered to the tenant with correct regional pricing, compare tiers (and the features each enables), start checkout, and verify activation. The full walkthrough is on the next page: Procurement for agents.
Autonomous Agent
How Griffin AI Search's autonomous agent watches your screen and acts on your behalf, and why some actions are executed directly while others only appear as a suggestion.
Procurement for agents
The step-by-step guide for AI agents buying Safeguard — regional plan discovery, tier and audience comparison, Stripe checkout, payment verification, and entitlement checks.